Diffstat (limited to 'security/gnupg/patches')
-rw-r--r--security/gnupg/patches/patch-aa8
-rw-r--r--security/gnupg/patches/patch-ak6
-rw-r--r--security/gnupg/patches/patch-ba27
3 files changed, 34 insertions, 7 deletions
diff --git a/security/gnupg/patches/patch-aa b/security/gnupg/patches/patch-aa
index 3989b307889..c007a433073 100644
--- a/security/gnupg/patches/patch-aa
+++ b/security/gnupg/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.10 2004/12/25 02:54:13 wiz Exp $
+$NetBSD: patch-aa,v 1.10.10.1 2006/06/25 08:58:14 snj Exp $
---- cipher/idea-stub.c.orig 2004-11-17 16:50:56.000000000 +0100
+--- cipher/idea-stub.c.orig 2005-12-08 06:58:36.000000000 +0000
+++ cipher/idea-stub.c
-@@ -132,9 +132,9 @@ load_module (const char *name)
+@@ -133,9 +133,9 @@ load_module (const char *name)
}
sym = dlsym (handle, "idea_get_info");
@@ -13,4 +13,4 @@ $NetBSD: patch-aa,v 1.10 2004/12/25 02:54:13 wiz Exp $
+ if ((sym == NULL) && (err=dlerror()))
goto failure;
- return sym;
+ return (INFO_FNC)sym;
diff --git a/security/gnupg/patches/patch-ak b/security/gnupg/patches/patch-ak
index b36907ce81a..dd128442775 100644
--- a/security/gnupg/patches/patch-ak
+++ b/security/gnupg/patches/patch-ak
@@ -1,8 +1,8 @@
-$NetBSD: patch-ak,v 1.2 2004/12/25 02:54:13 wiz Exp $
+$NetBSD: patch-ak,v 1.2.10.1 2006/06/25 08:58:14 snj Exp $
---- include/types.h.orig 2003-09-28 13:35:29.000000000 +0200
+--- include/types.h.orig 2005-07-27 17:02:56.000000000 +0000
+++ include/types.h
-@@ -103,7 +103,12 @@ typedef unsigned long u32;
+@@ -104,7 +104,12 @@ typedef unsigned long u32;
#undef u64 /* maybe there is a macro with this name */
#if SIZEOF_UINT64_T == 8
typedef uint64_t u64;
diff --git a/security/gnupg/patches/patch-ba b/security/gnupg/patches/patch-ba
new file mode 100644
index 00000000000..bb1327fea48
--- /dev/null
+++ b/security/gnupg/patches/patch-ba
@@ -0,0 +1,27 @@
+$NetBSD: patch-ba,v 1.1.2.2 2006/06/25 08:58:14 snj Exp $
+
+Security fix for CVE-2006-3082, from GnuPG CVS repository.
+
+--- g10/parse-packet.c.orig 2005-12-06 14:22:19.000000000 +0100
++++ g10/parse-packet.c 2006-06-24 16:09:34.000000000 +0200
+@@ -1972,6 +1972,20 @@
+ {
+ byte *p;
+
++ /* Cap the size of a user ID at 2k: a value absurdly large enough
++ that there is no sane user ID string (which is printable text
++ as of RFC2440bis) that won't fit in it, but yet small enough to
++ avoid allocation problems. A large pktlen may not be
++ allocatable, and a very large pktlen could actually cause our
++ allocation to wrap around in xmalloc to a small number. */
++
++ if(pktlen>2048)
++ {
++ log_error("packet(%d) too large\n", pkttype);
++ iobuf_skip_rest(inp, pktlen, 0);
++ return G10ERR_INVALID_PACKET;
++ }
++
+ packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen);
+ packet->pkt.user_id->len = pktlen;
+ packet->pkt.user_id->ref=1;
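Review bot: The `if(pktlen>2048)` guard protects only the `xmalloc_clear(sizeof *packet->pkt.user_id + pktlen)` call that follows it. Any other parser in g10/parse-packet.c that sizes an allocation as a struct size plus an input-controlled `pktlen` is outside this hunk, so those sites should be audited for the same wraparound before the issue is considered closed. The limit would be easier to audit and reuse as a named constant, for example `#define MAX_UID_PACKET_LENGTH 2048`, instead of a bare literal repeated in the comment and the condition. The rejection message would also be more useful for triage if it recorded the offending length, e.g. `log_error("packet(%d) too large (%lu bytes)\n", pkttype, pktlen);`, assuming `pktlen` is an `unsigned long`, which the hunk does not show. The enclosing function begins and ends outside the hunk.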